Should MIT policies on the collection, provision, and retention of electronic records be reviewed?

10 Comments

Given the recent revelations on the NSA, it would be wise (I believe) for MIT review the polices on the collection, provision, and retention of electronic records, with the intention of minimizing such records.

I agree with Jim. I think we should not help the NSA unless the Supreme Court (not FISC, which does not have the authority it claims) demands it. That is what "legal compliance" should mean to an adversarial, freedom-loving campus.

The Institute's keeping and sharing of such electronic records led to a death of a smart young man, and his impending imprisonment under archaic laws. I should fucking hope you're reconsidering the policy: is even one life worth making publishing companies happy?

Yes obviously because your own review clearly shows that you do not know what you are doing nor why. Even my local dentist's office has a better understanding of the issue of records retention and protection.

Yes. MIT has been a leader in the past in thinking about policies regarding information about individuals that are captured and stored in computer databases. But times have changed a great deal - the "Big Data" revolution has demonstrated that misuse is becoming easier, that the cost of capturing "sensor data" (recorded communications, behavioral tracking, ...) and recording/indexing it forever is now far less than the cost of "cleaning" or removing data about people and their activities.

Also, MIT's very complex relations with large data-seeking entities creates an immense conflict of interest, such that MIT has difficulty NOT handing that data over to others who exert a small bit of pressure.

The report reveals how easily a person acting without clear authority (the Secret Service agent) was able to earn trust and acquire access to sensitive data dumps on a relatively large scale. It also reveals that MIT apparently has no policy other than that provided by an "Outside Counsel" to act on such matters or to determine its own policy. This represents an amazingly low quality managerial culture, depending on others to set policy without any particularly effective discussion of its ramifications.

MIT represents the interests of many diverse entities who share the campus. It is not, per se, an agent of the US Government, and therefore must have its own views, and it must both formulate them and have a defense for them that is not determined merely by "the government told us to do it". On many issues, this is true. On the matter of stored records and data collection, apparently this is not true, or is true no longer (since I believe that in the 1970's MIT spent a great deal of effort on such institutional issues).